mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-09-19 04:41:09 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/auth/jwt/oidc-providers/secureauth.mdx
Erica Thompson 0660ea6fac
Update README (#31244) 
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

40 lines
1.6 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Use SecureAuth for OIDC authentication
description: >-
Configure Vault to use SecureAuth as an OIDC provider.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# Use SecureAuth for OIDC authentication
The [SecureAuth](https://www.secureauth.com/) identity provider returns group membership
claims as a comma-separated list of strings (e.g. `groups: "group-1,group-2"`) instead
of a list of strings.
To properly obtain group membership when using SecureAuth as the identity provider for
Vault's OIDC Auth Method, the `secureauth` provider must be explicitly configured as
shown below.
```shell
vault write auth/oidc/config -<<"EOH"
{
"oidc_client_id": "your_client_id",
"oidc_client_secret": "your_client_secret",
"default_role": "your_default_role",
"oidc_discovery_url": "https://idp.sasp.gosecureauth.com/your_secure_auth",
"provider_config": {
"provider": "secureauth"
}
}
EOH
```
This will instruct the OIDC Auth Method to parse the comma-separated groups claims string
into individual groups. Note that the role's [`groups_claim`](/vault/api-docs/auth/jwt#groups_claim)
value must be properly configured to target the groups claim for your SecureAuth identity
provider.
Reference in New Issue View Git Blame Copy Permalink